Postfix: prevent users from changing the real e-mail address
Have a look at the smtpd_sender_restrictions
and smtpd_sender_login_maps
settings. The former can prevent malformed from
addresses, while the latter can force the sender address to match the login name.
# Prevent malformed senders
smtpd_sender_restrictions =
reject_non_fqdn_sender # Ensure correct mail addresses
reject_unknown_sender_domain # Ensure sender address is from an existing domain
reject_authenticated_sender_login_mismatch # Check if the user is
# allowed to use this sender address
# Maps used to stop sender address forgeries.
smtpd_sender_login_maps = pcre:/etc/postfix/login_maps.pcre
The contents of login_maps.pcre
could be
# Use this regex if your users are local users, i.e. if the login name
# is just the username, not a full mail address.
# Note that literal dots have to be backslash escaped (`\.`) to avoid
# interpretation of these dots as regex wildcard.
/^([^@+]*)(\+[^@]*)?@example\.com$/ ${1}
# If one doesn't care about subaddresses, this could be simplified to
/^(.*)@example\.com/ ${1}
# This is appropriate if you have virtual users who login with their
# full mail address as their username. Local addresses won't work, though
/^(.*)$/ ${1}
The above config assumes that postfix was compiled with support for PCRE. On Ubuntu/Debian, this requires the postfix-pcre
package to be installed.
Note that this will only work if nobody but authenticated users can send mail. If you allow mail from unauthenticated users, the above method won't help and will fail. Make sure to read Rui F Ribeiro's answer if that's the case.
While SMTP forging cannot be prevented, and the underlying protocol was not designed with security in mind, you can minimise in postfix the effects of email forging by your internal users.
You can configure your postfix and clients to be mandatory to authenticate to send email via port 587 with authentication.
That does not however prevent them from sending email, however, it makes the life of spam malware more difficult (but not impossible).
As for gmail, they have lots of the customisations to the code, or even their own proprietary email server. Back when I managed an ISP, I collected and wrote extensions to QMail that did not allow it to forward emails that were not from our domain, and also only accepting existing authenticated users in the FROM field (e.g. double checking the FROM with the user doing the authentication)
To relay email only for authenticated users in postfix, make sure you have in the file /etc/postfix/main.cf
at the beginning of the smtpd_recipient_restrictions
directive the following two options:
smtpd_recipient_restrictions = permit_sasl_authenticated, reject_unauth_destination
For more details, please check the official documentation at Postfix SMTP relay and access control